¶ Intro / Opening
This is Risky Women Radio, a show that connects, celebrates and champions women in risk regulation and compliance. We’re here to share the insights on the biggest issues in our industry and hear inspiring journeys from our global members. Sign up to our newsletter at riskywomen.org. I’m Kimberley Cole, your Chief Risky Woman. Welcome to Risky Women Radio. Today's risky woman is Anna Mazzone, but before we kick off, I just want to give you all a
few actions. So I'm hoping you will all sign up and like Risky Women on all of our social channels. That's Instagram, X and join the LinkedIn group. Make sure you go to the Risky Women website, riskywomen.org to sign up for the ROAR newsletter so that you don't miss everything that's going on, including when the latest Risky Women Radio podcast is released. We've been really busy at Risky Women Radio, we've added Rev-up sessions to our repertoire. We aim to have at least one Rev-up
session per month. And for members, these sessions are part of your membership. Risky Women has many different elements, from live events to podcasts, and of course, the Rev-up sessions which are aimed at building on your already amazing superpowers sessions so far have included media training by Chris Dobson, voice and gravitas with the amazing David Pope, storytelling with Soundari Mukherjea, and how to write a
book with Jennifer Geary. And most recently, we did negotiating for more by Black Isle dynamo, Heather Lindhardt, and there's plenty more to come. But now today, let's get on to the topic of digitizing of the enterprise and governance programs. I am joined by Anna Mazzone, who is the vice president for the risk security
and ESG business unit at ServiceNow. She has a long career in banking and technology and has shaped industry developments, both by leading global client commercial partnerships and building financial industry solutions to
solve regulatory challenges. Her deep domain expertise in information technology for financial markets or FinTech, GRC (Governance Risk and Compliance) technologies and KYC regulatory requirements, as well as a knowledge of Third Party Risk and Performance Management, has contributed to significant growth at leading global companies. She was also named in the Innovate Finance Women in FinTech Power List, and she is a non exec director for the Open Data Institute, an industry
leader on establishing standards for the use of data in AI. So welcome Anna! Thank you, Kimberley, it's great to be here. So I've given a brief summary of your career, but I'd love you to take us on your kind of career journey and give us some of the highlights along the way to how did you get to where you are
¶ Career journey
now? Alright, yes, where do we start? So we start at the beginning after undergrad, I moved to California. I was born and raised, went to University in South Carolina, and joined Bank of America. So I had a number of different roles in the bank. Did everything from selling off portfolio of real estate things such as landlocked Pizza Huts and sites with toxic waste. How do you sell a site with toxic waste? First you got to clean it up. Right? Where are you going to clean it up? Who's going to
take the waste? I usually describe that as one of the best jobs I've ever had, because I had someone else's checkbook in order to, you know, sell this property. And the things you had to learn about in that process, it was just amazing, and that was foundational, I think, that combined with obviously working in a bank to learn kind of basic risk management skills. Then went into private banking, did underwriting there for obviously wealthy people, and then went into the trading room and did
foreign exchange sales trading. Which got me hooked a bit, because at the time, I was based in the Bay Area, and I got hooked on technology, and I wanted to join a tech company, because, of course, that was the thing to do when you're in the Bay Area. And I joined what I say is the world's first FinTech, which was Reuters. And that's what we met! That's exactly I was gonna say, yeah! So we've known each other for a fewwww decades. Before you we had those beautiful girls.
And yeah, so yeah, I joined Reuters. Had a fantastic career with them. They moved me to London, New York, back to London. I was working in the client business. I worked in product management, and did various roles in product management, everything from a traditional product management role, you know, with the traditional products, like we had our foreign exchange, content services, equity, et cetera. But I also went into their new media group, which was
all around the whole .com era, and I was responsible for leading a small team of people that we looked at packaging up our content for distribution into the internet, which was God talk about Wild Wild West. That was crazy. It was fun. It was so much fun. And, you know, it was a global business and very exciting. And of course, at the time you're working in a traditional company, but at the same time you're now engaging with a new audience, and that whole change process was very
complex for the company. So that was a really eye opening experience for me in terms of learning how to to understand the opportunity clearly, being able to articulate that opportunity up to the C suite of the organization, and that time was Tom Glocer and co and helping them realize that this was a big new market for us, and here we are today, of course.
But then I would say that the other things that I did when I was at well, I left Thomson Reuters, or Reuters at the time, because I had that tech bug, and I went and joined a company called SuperDerivatives, Who has subsequently been bought by Ice, but that was in the days of pricing up over the counter derivatives, and again, you know, pretty exciting and learning a lot in terms of like, how to open up new markets, how to encourage traditional buyers to think differently, creating
new opportunities for them to make revenue, but also learning to appreciate the value and the scale of an organization like Reuters and the integrity of who they were as a company are today, such a fantastic brand. And then I went to Markit, which was great. They're now owned by S&P, and I was employee number 504, something like that. And there I really learned how to bring together industries to create solutions, and how to do it profitably. Which Markit was very, very good at. And that was
a very exciting time. And then I went to the Chicago Mercantile Exchange and worked in the derivatives area there as well. And then on to a couple of more Silicon Valley companies, smaller companies, because I was really sort of still into that tech bug, and working with small companies like Aravo, which is in third party risk and Metric Stream, which is in the GRC tech space. And then ServiceNow came knocking, and I was kind of
surprised, but intrigued. They were interested in having me join their business to build out their risk business in Europe, Middle East, Africa, and as I learned more about the technology, it was quite intriguing, which I'll talk a
little bit more about later. But yeah, so I would say, when I look over my career, I guess one area that I didn't speak about was the whole KYC managed service, because one of the things I will call out is a mutual colleague of ours and friend, Deb Walton, was the woman that really encouraged me to step outside my comfort zone and push to become the leader of that business, and I had not done that previously in my career, and so it was that was a really big moment for me, and
very exciting, because that was an industry changing event. So my experience at Markit and other organizations got me to
that point of seeing what was possible. So with that business, what we were doing is bringing the banks together to try and solve the conundrum and the challenges around onboarding of customers, particularly the fund management business, the buy side, and so getting them to agree and align around policies associated with know your customer / AML, was very challenging, but I was able to hire the right individual to get that done and then building up teams at our operations, our
data operations in Poland and also out in Asia, was another Excellent. So, so many different tech businesses, so many almost experience. So Thomson Reuters at the time, and David Craig, he really believed in what we were doing, and he funded that business. And Chris Perry was there and really supported, you know, the investment as well. So it was all very, very exciting. firsts in terms of things in your career, in terms of really following the developments that are going on, which is
fantastic. Now you mentioned you're now at ServiceNow some of our listeners might. Know exactly who ServiceNow is, so maybe give us just a short precis of who is ServiceNow. What do they do? What's their focus?
¶ What is ServiceNow
Absolutely. So ServiceNow is a digital enterprise intelligent platform. I use the word intelligent, and I will explain why in a minute. But essentially, what we do is bring together data sources from across the enterprise and pull those data sources in through one data model to enable teams, leaders, executives, to be able to make decisions in context. So why is that important? Because historically and even still
today, organizations are organized by function. You have a finance function, you have a customer service function, you have a sales function, you have a marketing function, etc. And historically, each of those teams will buy technology that supports their function. The challenge is that today, with how business is done, particularly from a risk perspective and a compliance perspective, is you have to have information from many functions to be able to have an educated
view around what is our risk? Are we compliant? Et cetera. And so we as an organization at ServiceNow, we're able to tap into all of those systems, whether it's an SAP system, an IBM System, or FIS payment system, Salesforce, et cetera, and we can pull all of that relevant data into the platform, and through one data model and one architecture, we can now enable the individual, the leader, to be able to have the information and understand it in context so they can make more
informed decisions. Now it's not just risk and compliance. Of course, we span a lot of different types of operations in the company. So one of the areas that we're very deep in is technology. So we enable a CIO to be able to run their business operations, or I should say, their technology operations, but the business side of it, of running tech in a more organized, more efficient, more informed way. But then we also have well we have, you know, the risk business, which, of course
I run, you just think about that runs across the enterprise. And then, of course, we have what we call employee workflow, so the ability to onboard employees, take them through the journey of their career, and also off board. We're not there to replace a Workiva or a PeopleSoft, because those are deep systems of record, right? But we are that engagement layer
that sits on top. And then we have other applications like customer workflow, etc. And then, of course, organizations build their own because, of course, they're looking to take advantage of this content, and then turn around and build
solutions in house that capture their own IP. So we're now, of course, because all that data sits on our platform, and it's usually very high quality data, we've now become very focused as a Gen AI company, because now you can take the Gen AI capabilities and run that on top of the data and start to move faster make decisions. We're going to get into some of that, I think, on this whole digitization of the Enterprise and Governance Program. So
that's fantastic. So it sounds like ServiceNow is really breaking down a lot of those silos and enabling a more holistic approach with the data that you can capture and expose, I guess, for these organizations. Think about it. Kimberley, I always say this, you'll relate to this examples, because when we were at Reuters, remember we had a trading room system called RMDS, right and Trier prior to
that. Think of it. It's the same thing, bringing in feeds of information, one data model right to go out to all those applications, and then you have this whole ecosystem, partner ecosystem that's building applications on top. This is that on steroids. So back to you. How do you create impact in your current role?
¶ Creating Impact
Yeah, so a couple of ways. So first of all, I think that what's most important to me in order to create impact is I really have to be inspired by what I'm what I'm working on. So I find it really interesting this whole change that the industry's going through, and just watching how different organizations are responding to that. So in terms of building the business inside ServiceNow, I try to do a couple of things. First of all, I make sure that I have some clients who can help
tell the story. Because I've been so client oriented basically my entire career, that's who basically validates what you're doing, everything, inside and out. And so when I first got there, one of the things I did was I said, Okay, well, who are good customers? And I went out and met them and locked arms with them, and made sure that if I needed for another client to speak with them, that they would be willing to take calls, right? And they also sit on our product advisory
council. So I think that's super, super important. And because we're cross industry, I get a lot of exposure in different areas of energy and obviously banking, which, of course, is heavy background for me, but and public sector and then manufacturing. So that's one of the first things. The other thing that I do is I make sure that the executives in the organization understand our story, and I help enable them to
be able to tell that story at an executive level. Because obviously, risk and compliance, as you know, that is the boardroom topic. That is the C suite topic, and that's becoming more and more relevant because of regulation, which we might touch on later. So that was that I make sure that we engage with
the senior leaders constantly in the company. And then the other thing is that I guess I've learned in my career is that the little praise that I can give the team and people and what they're doing, I think, is a way that I can help make impact in terms of whatever that might be inside our organization or even outside, because it creates that little ripple, like that pebble going into the pond, right?
Okay, a couple of other kind of thoughts that I love is, what is the biggest risk that you feel that you've taken in your career, and did it pay off? And then maybe what is an important lesson that you've learned along the way that you would share with aspiring professionals on the podcast? Yeah, so there are a couple. I would say that when I was at Bank of America, I moved to a Japanese bank for a very short period of time, six months, essentially. And then I joined
Reuters. And I also, when I was at Reuters, obviously, I had a very long career there. And then I joined an Israeli company, SuperDerivatives, et cetera. And I would say that in some of those moves there, there was risk associated with not understanding and knowing the culture, that old adage of culture eats strategy for breakfast, but culture is the
motivating element to what we do, I think, at work. So that when I've made moves later in my career, first thing I want to learn is Tell me about your culture, and I got to get a sense of the culture, and am I going to be a good fit here, or can I work within this culture? So I would say those are some of the risks that I've taken, but I've learned from those, and you know, much wiser today. The other big risk that I took was building the KYC business, because it was the first in the
industry. I mean, we were followed very shortly thereafter by the DTCC out of New York and also by Markit themselves, also building something so we were all competing, and it was a big risk to take inside Thomson Reuters in terms of getting the leadership to invest in that. But wow, what an amazing, amazing experience to spin up a business from basically three people to 200 in a matter of 15 months. It's just you know, that level of experience, it's very hard to capture in your career, right?
So, yeah, amazing experience. Yeah. I would say that the most important lesson that, thus I learned from all of that is to step up, take the ball and take accountability for delivering. And you have to remember, at the end of the day, if you're going to be in that leadership role, you're accountable. You're accountable for people being
able to make their mortgage payment, right? People being able to make their car payment, etc, and that's a huge amount of responsibility, but you also are accountable for inspiring them and giving them a sense of purpose. And sometimes that's difficult for leaders to do, because it's hard sometimes to find your leadership voice, and also is my voice resonating.
Takes time for it to resonate, but that's I would say just, you know, stepping up and being accountable is one of the biggest lessons I learned. Fantastic. Well, it's lovely being here in London with you, and we're getting all of the sirens and bells, and hopefully our listeners are not too distracted by our surroundings.
So to close on this career journey element of Risky Women Radio when you're thinking more broadly, and you've spoken a lot about the passions that you have within the businesses, but you know, what would you say you're most passionate about? Because you. Said technology, you've got a whole range of different things. Yeah, I'm most passionate now, and I guess have been over a period of time in my life, of solving problems, but solving big problems. I have the confidence now to solve the
problems. I would say Reuters did that for me, it helped me realize that the world is a stage, and I don't mean in terms of performance, but I mean in terms of understanding the problems and thinking about, how do I pull resources from various parts of the world to be able to solve X or Y? And so if I'm passionate about it, and I think it's something that can really impact in the right way, a right group of people, then I'm happy
to take that on. I'd say the other thing I've become more passionate about, and maybe that will take me into my later years, is I've become very passionate about wildlife and animals and preservation in that space. So because I just think obviously it's so important to our own ecosystem as humans. So on that personal side, that's something that I'm very passionate about. So an amazing career journey, and looking forward to now getting into the digitizing of the enterprise and governance
programs. So let's take a break. So ServiceNow, you mentioned already, it's at the forefront of using Gen AI. Can you share more on the partnership that you have with Microsoft and NVIDIA and how you're using Gen AI really successfully within the company?
¶ Digitizing the Enterprise and Governance Programs
Absolutely. So today, when you think about the use cases that clients can leverage Gen AI in it tends to be very quote, unquote, customer service oriented. And I don't mean necessarily customer service in terms of how the organization might interact with you as an individual, but I need more in terms of how they might enable their internal customer service teams to be more efficient, and how they enable work with their
clients, or even their internal client as well. So the partnerships we have with Microsoft and NVIDIA start at the very top, up there with the CEO of both companies. We've done some proof of concept work with Microsoft, and now, of course, we're taking a lot of this live in terms of working with Copilot, so using that capability to be able to do like case summarization, right? Because a lot of clients use our solutions for customer service management. So and you know,
some cases can be very long. Can be complex. They can, you know, extend over multiple days. So if you can use Gen AI along with the Copilot capability in that to be able to summarize cases, then that makes it very efficient for the customer service agent. It also can identify if these are new challenges or new problems that are being discovered in your business, in your products, and thus you can then take that information and then put that back into your knowledge base
for your customer service team. So those are just a few examples, I can see how this will start to extend. And there's a world of governance, right, and particularly around compliance. So that's some of the stuff we're doing with Microsoft. And then also, from an NVIDIA standpoint, we have a Gen AI bot called Now Assist, so we work very closely with NVIDIA to do a lot of co-development and testing capabilities associated with our platform in building LLMs, large language
models that are domain specific. So we don't want to create like, you know, another Chat GPT, of course, because we don't see that being our area of expertise, but more about taking the NVIDIA capabilities and then creating domain specific LLMs, which can be cheaper, faster to run for an organization because they don't need as much energy, et cetera. So those are some of
the things that we're doing today together. So I would say that the other thing about AI and Gen AI as well is that, you know, it can be very expensive to manage these environments, and the clients are always asking us, so what are you doing? What are you doing? What are you doing? And, you know, we show them our road maps and how we can work with them, etc. I would say that the biggest thing that clients have to focus on, honestly, is getting their data in shape to get ready for it.
Obviously, you've got to have good quality data to be able to get the kind of results you're looking for from these tools. So that, I think, is really kind of the foundational component that people are trying to do right now. Cool. So you actually started to get into some key customer themes, or things that you're seeing that your customers are focusing on. Can you share more about that? What are you actually hearing from customers? Yeah, sure. I think there are three things that I see
happening in the market. So first of all, there's digitization of the enterprise, I would say second thing is really understanding third party risk and their supply chains at a deeper level, and then also the third thing would be around AI governance. So maybe I should touch on each of those. Yeah? Yeah, give us an overview of what's specifically around those three pillars. So from a digitization of the enterprise, organizations have
to do this in order to compete these days. It's just a basic requirement, not only in terms of us having a good client experience, but it's also to improve the experience of the employee and how they work. I see organizations now, really, when they talk about the employee experience, of course, I think historically, we would think of, oh, well, that's all their HR experience, right? No, it's more than that. It is about understanding how the employee works and how many applications
does the employee have to touch to do their job. So now what I see organizations doing is starting a three to five year plan of rationalizing applications. I mean drastically rationalizing applications and having a whole employee experience team that will create that engagement layer that enables the employee to be more efficient, and that is a big area of focus. That, of course, will lead to focusing on
improving productivity. And of course, we all hear about the fact of trying to recruit the best talent, etc, and that's one of the reasons that there has to be such an investment in digitizing the enterprise. Now the other thing about digitizing the enterprise is the fact that as you start to define out all of the processes across the enterprise, you can start to now
embed controls into how the individual works. So that starts to give the enterprise a higher level of assurance, or, in other words, gives the C suite a higher level of assurance that the policies and the regulations that we have to comply with are being adopted and enforced. Because, you know, now you've got a digital audit trail on the top of the platform. The flip side to that is that, because the enterprise has so many applications, the attack surface across the enterprise is much
broader, right? And then, of course, we see what happened this past Friday with CrowdStrike, and then the impact globally, across multiple industries, organizations being brought to their knees, in some cases, can't get people out to meet their flight commitments or being able to access their bank
accounts, et cetera. So we've had some financial institutions saying to us, prior to that event, that they thought some of the regulation that's coming into effect in January 2025 here, the big one being DORA on the continent, the Digital Operational Resilience Act. They thought, well, let's see. Maybe the regulator will just push things out well after Friday,
absolutely, I do not believe that is going to happen. Matter of fact, I wouldn't be surprised if the regulator has fired off a letter to every board or CEO of every financial institution registered with a regulator, saying, I want you to do an IT risk assessment immediately and confirm back to us your risk and how you're mitigating it, of a CrowdStrike type event
happening. So that goes back to the whole point about third parties and organizations are using them more and more and more, of course, but now what you've got to start to understand is what type of technology is a third party using to run its operation, right? And I think where the real complexity is going to start to develop is, this is going to be huge, is understanding how those third parties, and potentially their fourth parties and their fifth
parties are using AI or Gen AI to produce their products. That is going to be really complex to deal with. So that takes me on to now AI governance, which I think is at the forefront of most well, should be at the forefront of most organizations, particularly the C suite. Before you start using any kind of AI, particularly with clients externally, you want to make sure that you've got a governance model in place that can control the AI, the Gen AI, from hallucinating and doing
kind of random things. So it's no secret, though, that organizations are trying to adopt AI and Gen AI very, very rapidly, but the question is, how do we help them do that safely, ethically and in compliance with their own policies and their own risk appetites, et cetera? So that's
the big thing that I think is coming. I mean, we're going to be coming out with some things in the new year around AI governance across a platform, but it's also that ability to connect into their third parties, and staying connected to that third party to understand, as their solutions are changing and new updates are coming, what do those new
updates now incorporate from an AI perspective? So that, to me, is going to be the biggest challenge a third party risk is an area that I really, really find fascinating, because I always say it's like KYC on steroids. This, to me, is really going to create so much complexity. I don't know it'd be fascinating to see how it evolves. And are you seeing any interesting ways that that complexity is being tackled?
So what some of the larger organizations are starting to do in terms of the third party risk component, and I think, well, AI will just be yet another risk that organizations will now have to monitor and manage. But what I see happening is that organizations are making big investments in the third party programs, not only from a risk management perspective, but also a performance management perspective and the risk management piece, what has historically happened is they
always push out assessments to these third parties. So you get all kinds of requests from your client, can you please complete this assessment, Et cetera? And clients just can't respond to this level of detail anymore. It's just too much. So what companies are doing now is they're depending on companies like, I guess now the London Stock Exchange data companies, a Moody's or a DNV or a Bitsight security scorecard, etc, etc, to
be able to get those risk scores in. So they'll now have scores based on different risk categories, and they will use those scoring mechanisms as ways to monitor particularly their critical high risk third parties. But as we know, events can happen even in your medium to low risk portfolio. It happened what six, eight years ago with Target in the States, where the huge amount of client data was stolen by the HVAC heating air conditioning system provider, because they came in
to do maintenance work and had access to the network. So they stole all this client data. Who would ever have thought of an organization like that, right? But as one client said to me, big global pharma, he goes, I tell my internal clients all the time, You have to understand there is risk in doing business with third parties, and you have to accept that. Now, how much of it are you going to assume and what are you going to do to mitigate it? Is the question.
I mean, there's always risk, and then the flip side, as you said, whether you're looking at performance or opportunity. So what are some of the top opportunities that you think your customers or institutions should be focusing on?
¶ Opportunities and Challenges in GRC
I would say that. I know it's gonna sound really odd, but I think the UK's banking regulator, the FCA, the PRA have released a regulation called Operational Resilience, and that goes into effect 100% in March 2025. Now I read that regulation when it initially came out in March 21, 2021, and I was interviewing someone from the Bank of England for an event, and I was saying to him that the regulation to me as I read it,
really could apply to any industry. And he said to me, said, Anna, what business doesn't want to be resilient? True. That's right. So I think that regulation is a really good way to think about how to organize your business, end to end, digitally, so that you can understand who are your third parties supporting that business, who are your people supporting that business, which facilities do you need to support that business? What is the technology you need to
support that business, and what is the data that you need? And so that you as the product owner, can have that end to end visibility, and that you can begin to understand where you might have operational vulnerabilities. That's going to be the big new thing is the whole thing around operational
vulnerabilities. And being able to take that environment now and create a digital twin so that you can do a lot of scenario testing, and that's where Gen AI is going to come in, and your Gen AI capabilities will be able to recommend scenarios to test and identify those operational vulnerabilities in that network for you that's different from security vulnerabilities. So this is going to be at another new area that organizations are going to have to focus on, if you can design your operation
end to end. Of course, financial institutions that do business here in the UK must do that and being able to thus define that workflow and put it into a platform, whether it's us or any other platform that you might be using, and being able to connect in the control framework of your organization so that you can direct your colleagues to do what you need them to do relative to the action they're trying to take, because the environment's very fluid these days, right, externally, as well
as internally. And I think about my days when I was on the trading desk at Bank of America, and I think about my God, if I had to keep up with all of this regulation and at the same time, being able to advise my client on why they should hedge X and use this kind of instrument or advise them on the macroeconomic
environment, et cetera, et cetera, it's too much. And of course, you as an employee always want to comply with what the organization needs you to do, and so that's why I talk about the fact of taking the controls and embedding it into the workflow of your employees, so that you can direct them to do the right thing, and thus that helps you as an organization maintain control over your risk appetite, which you of course have to be able to demonstrate back to the regulator.
How quickly do you think, though, that the enterprise will be able to implement some of these things? Yeah. I mean, it's a really good question, because, as I always say to clients, technology works. It's the can you get your people and the mindset for change? And that is the biggest challenge in my book. I think this is always a function of the priorities of the executives, and that's one thing that we're always questioning, is okay, well, who's sponsoring this
project? Okay? And I've seen organizations, though, of 20,000 employees, change their whole operational risk tech processes down to level five levels in less than 12 months. Now, they had some motivations around doing that. Of course, their execs were very supportive and just kept pushing the change. But it is about preparing your people for change, and I had one
of our clients tell me this a couple years ago. She said one of the biggest things we have to help our employees understand is that we're not running around chasing people for evidence anymore. We're now letting the platform do all of that, and we are turning them into data scientists, and that looks a lot better on their CV than what they're doing today. But you've
got to get people ready for that. And that is the biggest mistake that organizations make, is they don't invest in that change program, the people change piece. Yeah, that's very interesting. So thinking along that line, then what is that biggest shift that you think you'll see, or that we'll see in the future of governance, risk and compliance?
I think what you're going to see is that it's not about running around collecting evidence, as I was just talking about, because I think with the technology today, you can just embed the governance right into how we work, day in and day out. I mean, just a simple example, and I don't know if you've ever encountered this, but I can tell you, when I use the Uber app and I say, I want this car at this time, sometimes the Uber app comes back and says, Oh, that's outside your company policy. I'm
like, Oh, that's really interesting, right? But imagine if you were inside the company and you were doing things, it's like, no, you can't do that anymore. We need to have X, or you need to do Y, right? And you're like, Okay, wow, because there's so much going on, that's where the systems are telling you what you need to do. So I think that's one thing. I think the other big shift is just improving the quality of the
data. Is that is becoming paramount now as organizations are determined to take advantage of Gen AI and to be not only more efficient, but also using it to protect the organization and their brands. And then I think the other big shift is this whole including third parties into the extended enterprise. I wouldn't be surprised, because you'll need
to incorporate them into all your scenario testing. So you could be sitting with someone who might be, might be paid by another company, but you might see them as just as a part of your team, because they're embedded just day in and day out. And I think that's another big shift that we'll start to see. Yeah, very interesting. Look. We could talk for a lot longer. You've also got ESG in your area, which I think we probably don't have time to even touch on. So can I get you to
summarize a little? It's big and it's complex and really interesting topic on digitizing the enterprise and governance. What key messages would you have for the audience and your customers to focus on, both in the short and the long term?
¶ Final Thoughts and Recommendations
Yeah, so three things I would say. I think it's people, identify quick wins and strategic, so people get sort of back to what we were just talking about, getting people in their heads in the right space for change. Challenge your teams to identify processes that can be digitized and improve efficiency and assurance levels. Get them to start raising this for you. And so that, I would say, is number one, that way you start to get them bought into the change. I think the next
thing is around some quick wins. So start looking at your control environment and your structured data associated with that control environment. So when I talk about structured data, what I'm talking about are tech controls, security controls, financial controls, all of that is structured data that you can immediately start to fold into a workflow, and you can make that more efficient so that you give your organization back some
productivity improvements. I can tell you, one of the world's largest oil and gas companies has done that, and they have over 4000 people that all they were doing were collecting evidence, etc, in addition to their other day job. But they were able, from a productivity improvement standpoint, this organizations much bigger than 4000 people, they were able to give back 23 to 25 headcount to the organization, and you also, as they would say, you enable your people to start working on
projects that are really fun and exciting. And I would say the last thing is more strategic, so really starting to partner with your chief digital data officer to develop that enterprise risk and governance and compliance taxonomy. I'm sure they already have taxonomies. You want to now start to embed your taxonomy into theirs and making sure that that gets into all the other internal systems that are accessing those taxonomies. I think that's my recommendation for short term. I would say just
long term. I'd be looking at operationally strategic use case would be getting Gen AI to help you and the team start to identify operational vulnerabilities and security vulnerabilities across your enterprise. It's going to take you a couple years. I can just say that just observing what some of our clients are going through right now, it requires having really good data. It all goes back to the data. Always goes back to the data. And there are just a lot of stakeholders
that have to be involved. You have a lot of third parties that're gonna have to be involved in. So you need to think about, how do you bring them together so that you can enable this to be successful, a successful program long term for the organization. Thank you. Really. Some great advice in there, and obviously a lot of data, data, data, and people. And people are always at the heart of everything. So thank you for that. And now for our quick little wrap up, our Risky Women wrap up, if you
like, which I always consider a bit of the rapid fire around. So are you optimistic, pessimistic or neutral in your outlook for the year ahead? I am optimistic. Great. We always have an optimistic group that's good. Optimistic, absolutely. And what do you what do you see as the top risk for the year ahead? Use of AI, Gen, AI. How do you manage that. Excellent. And best advice for the next generation of compliance professionals. Ooh. Best advice. You need to have developed some good
understanding around technology. You need to take some business courses on technology. You don't need to know or learn how to program, because I can tell you what's going to happen with Gen AI. It's going to do the programming for you. We've got capabilities now where the system just looks at the whiteboard. It can take the information off the whiteboard and write the code for you. So you won't need to code, but you need to understand how this all fits together.
Yeah. Interesting. Really interesting. And. We love to get some hints and tips from our Risky Women. So would you have a book to read, something to watch and or a podcast that you recommend? The most recent book I've read that I just really enjoyed was called Lessons in Chemistry. Oh, I loved it, too. Oh, my God, it's by Bonnie Garmus. There's also a mini series on it. But what a great story, what a great story. I agree. Loved it too. Yeah, so you can read the book and watch
the series. Yeah, any of your favorite podcasts? Oh, Risky Women of course. Of course. Thank you! And what key message thought or quote would you like to end on to inspire our Risky Women? I would say I actually was running this by my husband. It didn't take long. I said, have a sense of purpose and never give up. Absolutely love it. Well thank you, Anna. It's been fabulous to catch up formally on Risky Women Radio. We've been trying to do this for a long time, but fabulous content in there as
well. That great advice for everyone. And so thank you everyone also for listening. Thank you, Anna, for joining us. And if I can ask everyone to go onto your favorite podcast channel, give us a five star rating, and also don't forget to go and follow us on all of our social channels. Sign up for the Risky Women ROAR newsletter on our website, and we look forward to seeing you at events or back here on Risky Women Radio, thanks for joining.